Intrusion detection algorithm based on OCSVM in industrial control system

To detect abnormal communication behaviour efficiently in today's industrial control systems, this paper proposes a new intrusion detection algorithm based on the One-Class Support Vector Machine (OCSVM). The algorithm builds a model of normal communication behaviour with OCSVM, and a Particle Swarm Optimization (PSO) algorithm is designed to optimize the OCSVM model parameters. The OCSVM model is trained on normal Modbus function code sequences and then used to detect abnormal Modbus TCP traffic. Simulation results show that the proposed algorithm is not only efficient and reliable but also meets the real-time requirements of anomaly detection in industrial control systems. Copyright © 2015 John Wiley & Sons, Ltd.
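A compact sketch of the pipeline the abstract describes, added here as an example and not code from the paper: it parses Modbus/TCP frames into a function-code sequence, turns sliding windows of that sequence into histogram vectors, fits a one-class SVM on normal traffic and scores new windows against the learned boundary. scikit-learn's OneClassSVM is assumed to be available, the traffic is constructed, and nu/gamma are hand-picked where the paper tunes them with PSO.

```python
import struct
from sklearn.svm import OneClassSVM  # assumed available; stands in for the paper's OCSVM

MBAP = struct.Struct(">HHHB")  # transaction id, protocol id (always 0), length, unit id

def build_frame(tid, unit, fc, payload=b"\x00\x00\x00\x01"):
    """Constructed Modbus/TCP request: 7-byte MBAP header + PDU (function code + data)."""
    pdu = bytes([fc]) + payload
    return MBAP.pack(tid, 0, len(pdu) + 1, unit) + pdu  # length counts unit id + PDU

def function_codes(stream):
    """Walk back-to-back Modbus/TCP frames and return the function-code sequence."""
    codes, pos = [], 0
    while pos + MBAP.size <= len(stream):
        _tid, proto, length, _unit = MBAP.unpack_from(stream, pos)
        if proto != 0 or length < 2 or pos + 6 + length > len(stream):
            raise ValueError(f"malformed or truncated MBAP frame at offset {pos}")
        codes.append(stream[pos + MBAP.size])  # first PDU byte is the function code
        pos += MBAP.size - 1 + length  # 6 header bytes precede the length-counted region
    return codes

def windows(codes, size=4):
    return [codes[i:i + size] for i in range(len(codes) - size + 1)]

class FunctionCodeVectorizer:
    """Per-window histogram; codes unseen in training share one 'unknown' bucket."""
    def __init__(self, training_codes):
        self.index = {fc: i for i, fc in enumerate(sorted(set(training_codes)))}
    def transform(self, window):
        vec = [0] * (len(self.index) + 1)
        for fc in window:
            vec[self.index.get(fc, len(self.index))] += 1
        return vec

def train_detector(normal_stream, size=4, nu=0.05, gamma=0.25):
    """Fit the normal-behaviour model; nu/gamma are hand-picked here, PSO-tuned in the paper."""
    codes = function_codes(normal_stream)
    vec = FunctionCodeVectorizer(codes)
    X = [vec.transform(w) for w in windows(codes, size)]
    return OneClassSVM(kernel="rbf", nu=nu, gamma=gamma).fit(X), vec

def score_windows(model, vec, stream, size=4):
    """Signed distance per window to the boundary; negative means outside (anomalous).
    Boundary training windows sit at ~0, so threshold with a small tolerance, not 0."""
    X = [vec.transform(w) for w in windows(function_codes(stream), size)]
    return [float(s) for s in model.decision_function(X)]

# Constructed traffic: a master polling cycle (read regs 3/4, write regs 16/6) ...
CYCLE = [3, 3, 4, 16, 3, 6]
NORMAL = b"".join(build_frame(i, 1, fc) for i, fc in enumerate(CYCLE * 20))
# ... and a burst of Diagnostics (8) plus Read Device Identification (0x2B), never seen in training
ANOMALY = b"".join(build_frame(i, 1, fc) for i, fc in enumerate([8, 8, 8, 0x2B]))
```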
